package com.zhanghe.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			.authorizeRequests()//通过authorizeRequests()定义哪些URL需要被保护、哪些不需要被保护
				.antMatchers("/","/home").permitAll()//指定了/和/home不需要任何认证就可以访问
				.antMatchers("/static/**").permitAll()
				.anyRequest().authenticated()//其他的路径都必须通过身份验证
				.and()
			.formLogin()//通过formLogin()定义当需要用户登录时候，转到的登录页面。
				.loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
	}
	
	@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("Admin");
    }
}
